Skip to main content

CVE-2025-6755: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in gameusers Game Users Share Buttons

High
VulnerabilityCVE-2025-6755cvecve-2025-6755cwe-22
Published: Sat Jun 28 2025 (06/28/2025, 05:29:51 UTC)
Source: CVE Database V5
Vendor/Project: gameusers
Product: Game Users Share Buttons

Description

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.

AI-Powered Analysis

AILast updated: 06/28/2025, 05:54:26 UTC

Technical Analysis

CVE-2025-6755 is a critical security vulnerability identified in the Game Users Share Buttons plugin for WordPress, affecting all versions up to and including 1.3.0. The vulnerability is classified as CWE-22, which refers to improper limitation of a pathname to a restricted directory, commonly known as a path traversal vulnerability. The root cause lies in insufficient validation of file paths within the ajaxDeleteTheme() function. Specifically, the plugin fails to properly sanitize the themeNameId parameter in AJAX requests, allowing an attacker with Subscriber-level privileges to craft malicious requests containing arbitrary file paths such as '../../../../wp-config.php'. This can lead to arbitrary file deletion and potentially remote code execution (RCE) if critical files are deleted or manipulated. The vulnerability is remotely exploitable over the network without requiring user interaction, but it does require low-level privileges (Subscriber role) within the WordPress environment. The CVSS v3.1 score is 8.8 (high severity), reflecting the ease of exploitation combined with the significant impact on confidentiality, integrity, and availability. Although no known exploits are currently observed in the wild, the vulnerability poses a substantial risk due to the widespread use of WordPress and the plugin's capability to escalate a low-privilege user to execute arbitrary code or disrupt site operations. The lack of a patch at the time of publication further increases the urgency for mitigation.

Potential Impact

For European organizations, this vulnerability presents a serious threat, especially for those relying on WordPress-based websites for business operations, e-commerce, or public-facing services. Exploitation could lead to unauthorized deletion of critical files, including configuration files like wp-config.php, which may expose database credentials and other sensitive information. This can result in data breaches, website defacement, service downtime, and potential remote code execution, allowing attackers to gain further control over the web server and internal networks. Organizations in sectors such as finance, healthcare, government, and e-commerce are particularly at risk due to the sensitivity of their data and regulatory requirements like GDPR. The disruption caused by such an attack could lead to financial losses, reputational damage, and legal consequences. Additionally, the ability for a low-privilege user to exploit this vulnerability increases the attack surface, as attackers may compromise or create Subscriber accounts through phishing or other means to leverage this flaw.

Mitigation Recommendations

Given the absence of an official patch at the time of reporting, European organizations should implement immediate compensating controls. These include: 1) Restricting Subscriber-level account creation and monitoring for suspicious account activity to prevent unauthorized access. 2) Implementing web application firewalls (WAFs) with custom rules to detect and block malicious AJAX requests targeting the ajaxDeleteTheme() function or containing path traversal patterns in the themeNameId parameter. 3) Conducting regular file integrity monitoring to detect unauthorized file deletions or modifications, especially for critical files like wp-config.php. 4) Limiting file system permissions for the WordPress installation to prevent deletion or modification of sensitive files by the web server user. 5) Isolating WordPress instances in segmented network zones to reduce lateral movement if exploitation occurs. 6) Keeping all other WordPress plugins and core components updated to minimize the overall attack surface. Once an official patch is released, organizations must prioritize its deployment. Additionally, performing thorough audits of user roles and permissions and educating administrators about the risks of low-privilege account misuse will strengthen defenses.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-26T22:17:54.592Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685f80106f40f0eb726abc16

Added to database: 6/28/2025, 5:39:28 AM

Last enriched: 6/28/2025, 5:54:26 AM

Last updated: 7/1/2025, 1:27:15 AM

Views: 21

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats